<?php

require_once('functions/pageLoad.php');

$page_title = 'Reset password';

$content = '<p class="noTop">To reset your password, enter a new password below.</p>

<form method="post" action="/password-reset" id="password-reset">
<input type="hidden" name="token" value="'.$_GET['token'].'" />

<div id="registration_form">

<div class="rowWrapper" id="password1_wrap">
<div class="rowLeft"><label for="password1">New password:</label></div>
<div class="rowRight"><input type="password" name="password1" id="password1" class="textbox" /></div>
</div>

<div class="rowWrapper" id="password2_wrap">
<div class="rowLeft"><label for="password2">Confirm password:</label></div>
<div class="rowRight"><input type="password" name="password2" id="password2" class="textbox" /></div>
</div>

<div class="rowWrapper">
<div class="rowLeft">&nbsp;</div>
<div class="rowRight"><input type="image" src="/images/reset_password.gif" alt="Reset password"></div>
</div>

</div>

</form>';

if($_SERVER['REQUEST_METHOD'] == 'POST'){

$fail.= (strlen($_POST['password1']) < 6 || strlen($_POST['password1']) > 16) ? '<li>Passwords must be 6-16 characters long</li>' : '';
$fail.= ($_POST['password1'] != $_POST['password2']) ? '<li>Passwords do not match</li>' : '';

	if(strlen($fail) > 0){

	// PHAIL

	$results = '<div class="yellow_box"><p style="color: #cc0000; font-weight: bold;">Error: Please correct the following errors;</p><ul>'.$fail.'</ul></div>';

	}

	else{

	$tokenArr = explode("-", $_POST['token']);

	$sql = "SELECT id, email FROM users WHERE id = '".mysql_real_escape_string($tokenArr[1])."' AND password = '".mysql_real_escape_string($tokenArr[0])."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());
	$rs=mysql_fetch_assoc($query);
	$rows = mysql_num_rows($query);

	if($rows == 1){	

	$encrypt1 = base64_encode($_POST['password1'].'_'.$encryption_salt);
	$encrypt2 = md5($encrypt1.'_'.$rs['email'].'_'.$encryption_salt);

	$sql = "UPDATE users SET password = '".$encrypt2."' WHERE id = '".$rs['id']."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());

	$results = '<div class="yellow_box"><p style="color: #009900; font-weight: bold;">Your password has been successfully updated.</p></div>';

	$content = '';

	}

	else{

	$results = '<div class="yellow_box"><p><span style="color: #cc0000; font-weight: bold;">Error:</span> There was an error processing your request, please try again. Please contact us, if problems persist.</p></div>';

	$content = '';

	}

	}
}

include('includes/meta.php');
include('includes/header.php');
include('includes/navigation.php');

?>

<h1>Reset password</h1>

<?php echo $results.$content; ?>

<?php 

include('includes/rightColumn.php');
include('includes/footer.php');

?>